CVE-2022-27646 – NETGEAR R6700v3 circled Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-27646
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 https://www.zerodayinitiative.com/advisories/ZDI-22-523 • CWE-121: Stack-based Buffer Overflow •
CVE-2022-27644 – NETGEAR R6700v3 Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-27644
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 https://www.zerodayinitiative.com/advisories/ZDI-22-520 • CWE-295: Improper Certificate Validation •
CVE-2022-27643 – NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-27643
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323 https://www.zerodayinitiative.com/advisories/ZDI-22-519 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-20175
https://notcve.org/view.php?id=CVE-2021-20175
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext Netgear Nighthawk R6700 versión 1.0.4.120, no usa métodos de comunicación seguros para la interfaz SOAP. De forma predeterminada, toda la comunicación hacia/desde la interfaz SOAP del dispositivo (puerto 5000) se envía por medio de HTTP, lo que causa que la información potencialmente confidencial (como nombres de usuario y contraseñas) se transmita en texto sin cifrar • https://www.tenable.com/security/research/tra-2021-57 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2021-20174
https://notcve.org/view.php?id=CVE-2021-20174
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. Netgear Nighthawk R6700 versión 1.0.4.120, no usa métodos de comunicación seguros con la interfaz web. Por defecto, toda la comunicación hacia/desde la interfaz web del dispositivo es enviada por medio de HTTP, lo que causa que información potencialmente confidencial (como nombres de usuario y contraseñas) se transmita en texto sin cifrar. • https://www.tenable.com/security/research/tra-2021-57 • CWE-319: Cleartext Transmission of Sensitive Information •